Resources

DocuSign wants to help you protect yourself from online security threats. Below are several resources designed to do that, including:

  • Practical advice on how to reduce risk by combating common Internet-themed threats, such as business email compromise, phishing, and brute-force attacks
  • An overview of controls that you can apply to reduce risk to an acceptable level
  • Additional video guidance from DocuSign’s security thought leaders

Recommended system and application access best practices

Workstation security

Install anti-virus software and ensure it’s enabled and kept up-to-date. Apply vendor-recommended security patches on a frequent basis.

Public computers/Internet cafes

Exercise caution using public computers. Web browsers can cache personal data and store login details. Always log off websites and clear the browser cache when done using a public computer to protect your personal information, passwords, and accounts.

Safeguard IDs and passwords

Keep your user IDs and passwords safe by following these tips:

  • Use a strong password that’s difficult for others to guess, and avoid birthdays, names, and pet names
  • Never write down your password or share it with others
  • Never provide your DocuSign account login or password, credit card number, or other personal information via email or to unknown parties

Note: DocuSign will never ask you for your password.

Filtering email attachments

Quarantine any emails from the Internet with potentially harmful attachments, such as .zip and .exe file types. The only attachments DocuSign sends in email are PDFs.

Combating phishing

Read our Combat Phishing white paper for advice on how to proactively battle phishing.

Advice from DocuSign security leaders

In the videos below, you’ll find useful insights on security best practices from DocuSign information security leaders.

Keeping security top of mind

Tom Thokey, DocuSign’s senior director of security consulting, discusses the importance of keeping security top of mind during and after the software development process, as well as other best practices around shipping secure code.

Secure code review includes getting into the “guts of the code”

John Heasman, DocuSign’s senior director of security engineering, gives a deep dive into his workflow for engineering application security, including the challenges, valuable tools, and his code review methodology.

Security innovation: a deep-dive discussion on incident response

Thomas Kinsella, DocuSign’s senior director of security consulting, shares insights on how he and his team runs DocuSign’s Cybersecurity Trust Centre of Excellence Computer Security Incident Response Team (CSIRT), as well as the Trust Center’s business security innovation processes used for threat modelling, database security automation, phishing investigation, and more.